
Madeline Dickson November 21, 2016 - InfoSec Tips

Locky ransomware was updated today and now appends the new file extension .aesir. Locky's authors continue to name their updates after Norse mythology and its gods. It has been a bit less than one month since the previous Thor version of the notorious Locky ransomware appeared.
The updated virus uses a new ransom note whose file name looks like this: [random_number]-INSTRUCTION.html
Files encrypted by the Locky ransomware family are almost impossible to decrypt, as it uses strong cryptosystems like AES and RSA.
The update can now target 456 different file types, up from 400 in the Thor version, so the cyber criminals are gradually adding more extensions.
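
A file-name triage for the two indicators named above, as an added example that is not from the original post: it counts .aesir files and -INSTRUCTION.html notes per directory in a file listing. The sample paths are constructed, and the loose match on the note's random prefix and the "likely"/"review" verdict labels are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Indicators from the post: .aesir extension, "[random_number]-INSTRUCTION.html" note.
ENCRYPTED_EXT = ".aesir"
# Assumption: any prefix before "-INSTRUCTION.html" is accepted as the random number.
NOTE_RE = re.compile(r".+-INSTRUCTION\.html$", re.IGNORECASE)


def classify(name):
    """Return 'encrypted', 'note' or None for a bare file name."""
    if name.lower().endswith(ENCRYPTED_EXT):
        return "encrypted"
    if NOTE_RE.match(name):
        return "note"
    return None


def triage(paths):
    """Count indicator hits per directory and grade each directory."""
    hits = defaultdict(lambda: {"encrypted": 0, "note": 0})
    for path in paths:
        # ntpath splits on both "\" and "/", so Windows and share paths work.
        directory, name = ntpath.split(path)
        kind = classify(name)
        if kind:
            hits[directory][kind] += 1
    report = {}
    for directory, counts in hits.items():
        # Encrypted files next to a note are a stronger signal than either alone.
        both = counts["encrypted"] > 0 and counts["note"] > 0
        report[directory] = dict(counts, verdict="likely" if both else "review")
    return report


# Constructed sample listing (not real incident data).
SAMPLE = [
    r"C:\Users\amy\Documents\0F3A91C2.aesir",
    r"C:\Users\amy\Documents\7B1D44E0.aesir",
    r"C:\Users\amy\Documents\21-INSTRUCTION.html",
    r"C:\Users\amy\Desktop\budget.xlsx",
    "/srv/share/hr/instruction.html",
    "/srv/share/hr/report.AESIR",
]

if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(directory, info)
```

Directories graded "likely" hold both indicators; "review" means only one was seen, which can also be a renamed or unrelated file.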
One more in the endless line of Locky viruses arrives as an email pretending to originate from your ISP and stating that you have been spreading spam. As usual, it is sent from random companies and organizations with a randomly named zip attachment that looks something like logs_[recipient's name].zip

Other sorts of Locky spam messages return to a classic email with the subject "Your Amazon.com order has dispatched (#654-7376878-4145130)" and a zip attachment whose name corresponds to the subject.
It looks like we will hear about numerous similar fake delivery notifications with the upcoming holiday season and online shopping days like Black Friday. Our inboxes are going to fill with both malicious and real notifications.
Hackers make use of various subjects that trick readers into opening the attachment. An extremely high percentage are aimed at small companies, in anticipation of larger payoffs than from home users.
More about the Aesir variant of Locky and possible remediation tips can be found here: soft2secure.com/knowle…